Re: [exim] clamAV and content scanning

Author: Fred Viles
Date:
To: exim-users
Subject: Re: [exim] clamAV and content scanning
On 11 Mar 2005 at 11:30, Jim Pazarena wrote about
    "[exim] clamAV and content scanning":


| never used exiscan or clamAV before so it's learning curve.
| my question however is this:
| latest clamAV is 0.83
| exim spec for 4.50 suggests that "Clamd does not seem to unpack MIME"


There was just a sub-thread about this, but with a much less obvious
subject. Clam (at least) *does* now unpack MIME messages, so not
using demime will work, in general.

But there were comments about Clam's MIME parser being younger and
potentially more fragile than Exiscan's, so there may still be some
reason to prefer demime.

| later the spec indicates that demime ACL "is deprecated and kept only
| backward compatibility".
| question:
| does clamAV 0.83 perhaps not require demime ACL any longer?


Correct.

| question:
| if demime ACL is deprecated, is there a newer replacement for it?


Not so far. decode in the MIME ACL does not cause malware in the
DATA ACL to pass individual message parts to the scanner. And IIRC,
there are other scanners listed in the exiscan/4.50 docs as not
unpacking MIME containers.

- Fred